class DataProtectionPolicy
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.Logs.DataProtectionPolicy |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awslogs#DataProtectionPolicy |
Java | software.amazon.awscdk.services.logs.DataProtectionPolicy |
Python | aws_cdk.aws_logs.DataProtectionPolicy |
TypeScript | aws-cdk-lib » aws_logs » DataProtectionPolicy |
Creates a data protection policy for CloudWatch Logs log groups.
Example
```ts
import * as logs from 'aws-cdk-lib/aws-logs';
import * as s3 from 'aws-cdk-lib/aws-s3';
import * as kinesisfirehose from '@aws-cdk/aws-kinesisfirehose-alpha';
import * as destinations from '@aws-cdk/aws-kinesisfirehose-destinations-alpha';

// `this` is the enclosing construct scope (for example, a Stack).

// Audit destinations that receive the findings of the data protection policy.
const logGroupDestination = new logs.LogGroup(this, 'LogGroupLambdaAudit', {
  logGroupName: 'auditDestinationForCDK',
});

const bucket = new s3.Bucket(this, 'audit-bucket');
const s3Destination = new destinations.S3Bucket(bucket);

const deliveryStream = new kinesisfirehose.DeliveryStream(this, 'Delivery Stream', {
  destination: s3Destination,
});

const dataProtectionPolicy = new logs.DataProtectionPolicy({
  name: 'data protection policy',
  description: 'policy description',
  identifiers: [
    logs.DataIdentifier.DRIVERSLICENSE_US, // managed data identifier
    new logs.DataIdentifier('EmailAddress'), // forward compatibility for new managed data identifiers
    new logs.CustomDataIdentifier('EmployeeId', 'EmployeeId-\\d{9}'), // custom data identifier
  ],
  logGroupAuditDestination: logGroupDestination,
  s3BucketAuditDestination: bucket,
  deliveryStreamNameAuditDestination: deliveryStream.deliveryStreamName,
});

// Attach the policy to the log group whose events should be protected.
new logs.LogGroup(this, 'LogGroupLambda', {
  logGroupName: 'cdkIntegLogGroup',
  dataProtectionPolicy: dataProtectionPolicy,
});
```
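A pre-deployment check for the custom data identifier pattern shown in the example above, added here and not part of the CDK documentation: it runs `EmployeeId-\d{9}` over constructed log lines and flags matches that would leave part of a longer value readable. The `scan` and `mask` helpers and the sample lines are hypothetical; JavaScript's `RegExp` stands in for the service's matcher, and masking is approximated by asterisks.

```typescript
// Added example: dry-run a custom data identifier regex before deploying it.
// Assumptions: JavaScript RegExp stands in for the service's matcher, and
// masking is approximated by overwriting each match with asterisks.
interface CustomIdentifier { name: string; regex: string; }
interface Finding { line: number; match: string; residue: boolean; }

// Same name and pattern as the CustomDataIdentifier in the example above.
const employeeId: CustomIdentifier = { name: 'EmployeeId', regex: 'EmployeeId-\\d{9}' };

// Constructed sample log lines (not real data).
const sampleLogs: string[] = [
  'login ok user=EmployeeId-123456789 src=10.0.0.5',  // exact format
  'login ok user=EmployeeId-1234567890 src=10.0.0.6', // ten digits
  'login ok user=employeeid-123456789 src=10.0.0.7',  // different case
  'badge scan EmployeeId-12345 rejected',             // too short
];

// List every match; residue=true means a word character follows the match,
// so part of a longer value would stay readable after masking.
function scan(lines: string[], id: CustomIdentifier): Finding[] {
  const findings: Finding[] = [];
  lines.forEach((text, line) => {
    const re = new RegExp(id.regex, 'g');
    let m: RegExpExecArray | null;
    while ((m = re.exec(text)) !== null) {
      if (m[0].length === 0) { re.lastIndex++; continue; } // skip empty matches
      const next = text.charAt(m.index + m[0].length);
      findings.push({ line, match: m[0], residue: /\w/.test(next) });
    }
  });
  return findings;
}

// Approximate the masked view of one line.
function mask(text: string, id: CustomIdentifier): string {
  return text.replace(new RegExp(id.regex, 'g'), (m) => m.replace(/[\s\S]/g, '*'));
}

for (const f of scan(sampleLogs, employeeId)) {
  console.log(`line ${f.line}: ${f.match}${f.residue ? ' (trailing characters left unmasked)' : ''}`);
}
sampleLogs.forEach((l) => console.log(mask(l, employeeId)));
```
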
Initializer
new DataProtectionPolicy(props: DataProtectionPolicyProps)
Parameters